2 * "$Id: usersys.c 8498 2009-04-13 17:03:15Z mike $"
4 * User, system, and password routines for CUPS.
6 * Copyright 2007-2011 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
15 * This file is subject to the Apple OS-Developed Software exception.
19 * cupsEncryption() - Get the current encryption settings.
20 * cupsGetPassword() - Get a password from the user.
21 * cupsGetPassword2() - Get a password from the user using the advanced
23 * cupsServer() - Return the hostname/address of the current
25 * cupsSetClientCertCB() - Set the client certificate callback.
26 * cupsSetEncryption() - Set the encryption preference.
27 * cupsSetPasswordCB() - Set the password callback for CUPS.
28 * cupsSetPasswordCB2() - Set the advanced password callback for CUPS.
29 * cupsSetServer() - Set the default server name and port.
30 * cupsSetServerCertCB() - Set the server certificate callback.
31 * cupsSetUser() - Set the default user name.
32 * cupsUser() - Return the current user's name.
33 * _cupsGetPassword() - Get a password from the user.
34 * _cupsGSSServiceName() - Get the GSS (Kerberos) service name.
35 * _cupsSetDefaults() - Set the default server, port, and encryption.
36 * cups_read_client_conf() - Read a client.conf file.
40 * Include necessary headers...
43 #include "cups-private.h"
57 static void cups_read_client_conf(cups_file_t
*fp
,
59 const char *cups_encryption
,
60 const char *cups_server
,
62 const char *cups_gssservicename
,
63 #endif /* HAVE_GSSAPI */
64 const char *cups_anyroot
,
65 const char *cups_expiredroot
,
66 const char *cups_expiredcerts
);
70 * 'cupsEncryption()' - Get the current encryption settings.
72 * The default encryption setting comes from the CUPS_ENCRYPTION
73 * environment variable, then the ~/.cups/client.conf file, and finally the
74 * /etc/cups/client.conf file. If not set, the default is
75 * @code HTTP_ENCRYPT_IF_REQUESTED@.
77 * Note: The current encryption setting is tracked separately for each thread
78 * in a program. Multi-threaded programs that override the setting via the
79 * @link cupsSetEncryption@ function need to do so in each thread for the same
83 http_encryption_t
/* O - Encryption settings */
86 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
89 if (cg
->encryption
== (http_encryption_t
)-1)
92 return (cg
->encryption
);
97 * 'cupsGetPassword()' - Get a password from the user.
99 * Uses the current password callback function. Returns @code NULL@ if the
100 * user does not provide a password.
102 * Note: The current password callback function is tracked separately for each
103 * thread in a program. Multi-threaded programs that override the setting via
104 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
105 * do so in each thread for the same function to be used.
108 const char * /* O - Password */
109 cupsGetPassword(const char *prompt
) /* I - Prompt string */
111 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
114 return ((cg
->password_cb
)(prompt
, NULL
, NULL
, NULL
, cg
->password_data
));
119 * 'cupsGetPassword2()' - Get a password from the user using the advanced
122 * Uses the current password callback function. Returns @code NULL@ if the
123 * user does not provide a password.
125 * Note: The current password callback function is tracked separately for each
126 * thread in a program. Multi-threaded programs that override the setting via
127 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
128 * do so in each thread for the same function to be used.
130 * @since CUPS 1.4/Mac OS X 10.6@
133 const char * /* O - Password */
134 cupsGetPassword2(const char *prompt
, /* I - Prompt string */
135 http_t
*http
, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
136 const char *method
, /* I - Request method ("GET", "POST", "PUT") */
137 const char *resource
) /* I - Resource path */
139 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
143 http
= _cupsConnect();
145 return ((cg
->password_cb
)(prompt
, http
, method
, resource
, cg
->password_data
));
150 * 'cupsServer()' - Return the hostname/address of the current server.
152 * The default server comes from the CUPS_SERVER environment variable, then the
153 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
154 * set, the default is the local system - either "localhost" or a domain socket
157 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
158 * address, or a domain socket pathname.
160 * Note: The current server is tracked separately for each thread in a program.
161 * Multi-threaded programs that override the server via the
162 * @link cupsSetServer@ function need to do so in each thread for the same
166 const char * /* O - Server name */
169 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
180 * 'cupsSetClientCertCB()' - Set the client certificate callback.
182 * Pass @code NULL@ to restore the default callback.
184 * Note: The current certificate callback is tracked separately for each thread
185 * in a program. Multi-threaded programs that override the callback need to do
186 * so in each thread for the same callback to be used.
188 * @since CUPS 1.5/Mac OS X 10.7@
193 cups_client_cert_cb_t cb
, /* I - Callback function */
194 void *user_data
) /* I - User data pointer */
196 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
199 cg
->client_cert_cb
= cb
;
200 cg
->client_cert_data
= user_data
;
205 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
208 * Note: The default credentials are tracked separately for each thread in a
209 * program. Multi-threaded programs that override the setting need to do so in
210 * each thread for the same setting to be used.
212 * @since CUPS 1.5/Mac OS X 10.7@
215 int /* O - Status of call (0 = success) */
217 cups_array_t
*credentials
) /* I - Array of credentials */
219 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
222 if (cupsArrayCount(credentials
) < 1)
225 _httpFreeCredentials(cg
->tls_credentials
);
226 cg
->tls_credentials
= _httpConvertCredentials(credentials
);
228 return (cg
->tls_credentials
? 0 : -1);
233 * 'cupsSetEncryption()' - Set the encryption preference.
235 * The default encryption setting comes from the CUPS_ENCRYPTION
236 * environment variable, then the ~/.cups/client.conf file, and finally the
237 * /etc/cups/client.conf file. If not set, the default is
238 * @code HTTP_ENCRYPT_IF_REQUESTED@.
240 * Note: The current encryption setting is tracked separately for each thread
241 * in a program. Multi-threaded programs that override the setting need to do
242 * so in each thread for the same setting to be used.
246 cupsSetEncryption(http_encryption_t e
) /* I - New encryption preference */
248 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
254 httpEncryption(cg
->http
, e
);
259 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
261 * Pass @code NULL@ to restore the default (console) password callback, which
262 * reads the password from the console. Programs should call either this
263 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
264 * by a program per thread.
266 * Note: The current password callback is tracked separately for each thread
267 * in a program. Multi-threaded programs that override the callback need to do
268 * so in each thread for the same callback to be used.
272 cupsSetPasswordCB(cups_password_cb_t cb
)/* I - Callback function */
274 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
277 if (cb
== (cups_password_cb_t
)0)
278 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
280 cg
->password_cb
= (cups_password_cb2_t
)cb
;
282 cg
->password_data
= NULL
;
287 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
289 * Pass @code NULL@ to restore the default (console) password callback, which
290 * reads the password from the console. Programs should call either this
291 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
292 * by a program per thread.
294 * Note: The current password callback is tracked separately for each thread
295 * in a program. Multi-threaded programs that override the callback need to do
296 * so in each thread for the same callback to be used.
298 * @since CUPS 1.4/Mac OS X 10.6@
303 cups_password_cb2_t cb
, /* I - Callback function */
304 void *user_data
) /* I - User data pointer */
306 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
309 if (cb
== (cups_password_cb2_t
)0)
310 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
312 cg
->password_cb
= cb
;
314 cg
->password_data
= user_data
;
319 * 'cupsSetServer()' - Set the default server name and port.
321 * The "server" string can be a fully-qualified hostname, a numeric
322 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
323 * addresses can be optionally followed by a colon and port number to override
324 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
325 * default server name and port.
327 * Note: The current server is tracked separately for each thread in a program.
328 * Multi-threaded programs that override the server need to do so in each
329 * thread for the same server to be used.
333 cupsSetServer(const char *server
) /* I - Server name */
335 char *port
; /* Pointer to port */
336 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
341 strlcpy(cg
->server
, server
, sizeof(cg
->server
));
343 if (cg
->server
[0] != '/' && (port
= strrchr(cg
->server
, ':')) != NULL
&&
344 !strchr(port
, ']') && isdigit(port
[1] & 255))
348 cg
->ipp_port
= atoi(port
);
351 if (cg
->server
[0] == '/')
352 strcpy(cg
->servername
, "localhost");
354 strlcpy(cg
->servername
, cg
->server
, sizeof(cg
->servername
));
358 cg
->server
[0] = '\0';
359 cg
->servername
[0] = '\0';
371 * 'cupsSetServerCertCB()' - Set the server certificate callback.
373 * Pass @code NULL@ to restore the default callback.
375 * Note: The current credentials callback is tracked separately for each thread
376 * in a program. Multi-threaded programs that override the callback need to do
377 * so in each thread for the same callback to be used.
379 * @since CUPS 1.5/Mac OS X 10.7@
384 cups_server_cert_cb_t cb
, /* I - Callback function */
385 void *user_data
) /* I - User data pointer */
387 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
390 cg
->server_cert_cb
= cb
;
391 cg
->server_cert_data
= user_data
;
396 * 'cupsSetUser()' - Set the default user name.
398 * Pass @code NULL@ to restore the default user name.
400 * Note: The current user name is tracked separately for each thread in a
401 * program. Multi-threaded programs that override the user name need to do so
402 * in each thread for the same user name to be used.
406 cupsSetUser(const char *user
) /* I - User name */
408 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
412 strlcpy(cg
->user
, user
, sizeof(cg
->user
));
419 * 'cupsUser()' - Return the current user's name.
421 * Note: The current user name is tracked separately for each thread in a
422 * program. Multi-threaded programs that override the user name with the
423 * @link cupsSetUser@ function need to do so in each thread for the same user
427 const char * /* O - User name */
430 const char *user
; /* USER environment variable */
431 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
438 * Get the current user name from the OS...
441 DWORD size
; /* Size of string */
443 size
= sizeof(cg
->user
);
444 if (!GetUserName(cg
->user
, &size
))
447 * Get the user name corresponding to the current UID...
450 struct passwd
*pwd
; /* User/password entry */
453 if ((pwd
= getpwuid(getuid())) != NULL
)
459 strlcpy(cg
->user
, pwd
->pw_name
, sizeof(cg
->user
));
463 if ((user
= getenv("USER")) != NULL
)
466 * Use the username from the "USER" environment variable...
468 strlcpy(cg
->user
, user
, sizeof(cg
->user
));
473 * Use the default "unknown" user name...
476 strcpy(cg
->user
, "unknown");
485 * '_cupsGetPassword()' - Get a password from the user.
488 const char * /* O - Password */
489 _cupsGetPassword(const char *prompt
) /* I - Prompt string */
493 * Currently no console password support is provided on Windows.
500 * Use the standard getpass function to get a password from the console. An
501 * empty password is treated as canceling the authentication request.
504 const char *password
= getpass(prompt
);
505 /* Password string */
507 if (!password
|| !password
[0])
517 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
521 _cupsGSSServiceName(void)
523 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
526 if (!cg
->gss_service_name
[0])
529 return (cg
->gss_service_name
);
531 #endif /* HAVE_GSSAPI */
535 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
539 _cupsSetDefaults(void)
541 cups_file_t
*fp
; /* File */
542 const char *home
, /* Home directory of user */
543 *cups_encryption
, /* CUPS_ENCRYPTION env var */
544 *cups_server
, /* CUPS_SERVER env var */
546 *cups_gssservicename
, /* CUPS_GSSSERVICENAME env var */
547 #endif /* HAVE_GSSAPI */
548 *cups_anyroot
, /* CUPS_ANYROOT env var */
549 *cups_expiredroot
, /* CUPS_EXPIREDROOT env var */
550 *cups_expiredcerts
; /* CUPS_EXPIREDCERTS env var */
551 char filename
[1024]; /* Filename */
552 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
555 DEBUG_puts("_cupsSetDefaults()");
558 * First collect environment variables...
561 cups_encryption
= getenv("CUPS_ENCRYPTION");
562 cups_server
= getenv("CUPS_SERVER");
564 cups_gssservicename
= getenv("CUPS_GSSSERVICENAME");
565 #endif /* HAVE_GSSAPI */
566 cups_anyroot
= getenv("CUPS_ANYROOT");
567 cups_expiredroot
= getenv("CUPS_EXPIREDROOT");
568 cups_expiredcerts
= getenv("CUPS_EXPIREDCERTS");
571 * Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf
572 * files to get the default values...
575 if (cg
->encryption
== (http_encryption_t
)-1 || !cg
->server
[0] ||
578 if ((home
= getenv("HOME")) != NULL
)
581 * Look for ~/.cups/client.conf...
584 snprintf(filename
, sizeof(filename
), "%s/.cups/client.conf", home
);
585 fp
= cupsFileOpen(filename
, "r");
593 * Look for CUPS_SERVERROOT/client.conf...
596 snprintf(filename
, sizeof(filename
), "%s/client.conf",
597 cg
->cups_serverroot
);
598 fp
= cupsFileOpen(filename
, "r");
602 * Read the configuration file and apply any environment variables; both
603 * functions handle NULL cups_file_t pointers...
606 cups_read_client_conf(fp
, cg
, cups_encryption
, cups_server
,
609 #endif /* HAVE_GSSAPI */
610 cups_anyroot
, cups_expiredroot
,
618 * 'cups_read_client_conf()' - Read a client.conf file.
622 cups_read_client_conf(
623 cups_file_t
*fp
, /* I - File to read */
624 _cups_globals_t
*cg
, /* I - Global data */
625 const char *cups_encryption
, /* I - CUPS_ENCRYPTION env var */
626 const char *cups_server
, /* I - CUPS_SERVER env var */
628 const char *cups_gssservicename
,
629 /* I - CUPS_GSSSERVICENAME env var */
630 #endif /* HAVE_GSSAPI */
631 const char *cups_anyroot
, /* I - CUPS_ANYROOT env var */
632 const char *cups_expiredroot
, /* I - CUPS_EXPIREDROOT env var */
633 const char *cups_expiredcerts
) /* I - CUPS_EXPIREDCERTS env var */
635 int linenum
; /* Current line number */
636 char line
[1024], /* Line from file */
637 *value
, /* Pointer into line */
638 encryption
[1024], /* Encryption value */
639 server_name
[1024], /* ServerName value */
640 any_root
[1024], /* AllowAnyRoot value */
641 expired_root
[1024], /* AllowExpiredRoot value */
642 expired_certs
[1024]; /* AllowExpiredCerts value */
644 char gss_service_name
[32]; /* GSSServiceName value */
645 #endif /* HAVE_GSSAPI */
649 * Read from the file...
653 while (cupsFileGetConf(fp
, line
, sizeof(line
), &value
, &linenum
))
655 if (!cups_encryption
&& cg
->encryption
== (http_encryption_t
)-1 &&
656 !_cups_strcasecmp(line
, "Encryption") && value
)
658 strlcpy(encryption
, value
, sizeof(encryption
));
659 cups_encryption
= encryption
;
661 else if (!cups_server
&& (!cg
->server
[0] || !cg
->ipp_port
) &&
662 !_cups_strcasecmp(line
, "ServerName") && value
)
664 strlcpy(server_name
, value
, sizeof(server_name
));
665 cups_server
= server_name
;
667 else if (!cups_anyroot
&& !_cups_strcasecmp(line
, "AllowAnyRoot") && value
)
669 strlcpy(any_root
, value
, sizeof(any_root
));
670 cups_anyroot
= any_root
;
672 else if (!cups_expiredroot
&& !_cups_strcasecmp(line
, "AllowExpiredRoot") &&
675 strlcpy(expired_root
, value
, sizeof(expired_root
));
676 cups_expiredroot
= expired_root
;
678 else if (!cups_expiredcerts
&& !_cups_strcasecmp(line
, "AllowExpiredCerts") &&
681 strlcpy(expired_certs
, value
, sizeof(expired_certs
));
682 cups_expiredcerts
= expired_certs
;
685 else if (!cups_gssservicename
&& !_cups_strcasecmp(line
, "GSSServiceName") &&
688 strlcpy(gss_service_name
, value
, sizeof(gss_service_name
));
689 cups_gssservicename
= gss_service_name
;
691 #endif /* HAVE_GSSAPI */
698 if (cg
->encryption
== (http_encryption_t
)-1 && cups_encryption
)
700 if (!_cups_strcasecmp(cups_encryption
, "never"))
701 cg
->encryption
= HTTP_ENCRYPT_NEVER
;
702 else if (!_cups_strcasecmp(cups_encryption
, "always"))
703 cg
->encryption
= HTTP_ENCRYPT_ALWAYS
;
704 else if (!_cups_strcasecmp(cups_encryption
, "required"))
705 cg
->encryption
= HTTP_ENCRYPT_REQUIRED
;
707 cg
->encryption
= HTTP_ENCRYPT_IF_REQUESTED
;
710 if ((!cg
->server
[0] || !cg
->ipp_port
) && cups_server
)
715 * Copy server name...
718 strlcpy(cg
->server
, cups_server
, sizeof(cg
->server
));
720 if (cg
->server
[0] != '/' && (value
= strrchr(cg
->server
, ':')) != NULL
&&
721 !strchr(value
, ']') && isdigit(value
[1] & 255))
726 if (cg
->server
[0] == '/')
727 strcpy(cg
->servername
, "localhost");
729 strlcpy(cg
->servername
, cg
->server
, sizeof(cg
->servername
));
731 else if (cups_server
[0] != '/' &&
732 (value
= strrchr(cups_server
, ':')) != NULL
&&
733 !strchr(value
, ']') && isdigit(value
[1] & 255))
738 if (!cg
->ipp_port
&& value
)
739 cg
->ipp_port
= atoi(value
);
744 #ifdef CUPS_DEFAULT_DOMAINSOCKET
746 * If we are compiled with domain socket support, only use the
747 * domain socket if it exists and has the right permissions...
750 struct stat sockinfo
; /* Domain socket information */
752 if (!stat(CUPS_DEFAULT_DOMAINSOCKET
, &sockinfo
) &&
753 (sockinfo
.st_mode
& S_IRWXO
) == S_IRWXO
)
754 cups_server
= CUPS_DEFAULT_DOMAINSOCKET
;
756 #endif /* CUPS_DEFAULT_DOMAINSOCKET */
757 cups_server
= "localhost";
759 cupsSetServer(cups_server
);
764 const char *ipp_port
; /* IPP_PORT environment variable */
766 if ((ipp_port
= getenv("IPP_PORT")) != NULL
)
768 if ((cg
->ipp_port
= atoi(ipp_port
)) <= 0)
769 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
772 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
776 if (!cups_gssservicename
)
777 cups_gssservicename
= CUPS_DEFAULT_GSSSERVICENAME
;
779 strlcpy(cg
->gss_service_name
, cups_gssservicename
,
780 sizeof(cg
->gss_service_name
));
781 #endif /* HAVE_GSSAPI */
784 cg
->any_root
= !_cups_strcasecmp(cups_anyroot
, "yes") ||
785 !_cups_strcasecmp(cups_anyroot
, "on") ||
786 !_cups_strcasecmp(cups_anyroot
, "true");
788 if (cups_expiredroot
)
789 cg
->expired_root
= !_cups_strcasecmp(cups_expiredroot
, "yes") ||
790 !_cups_strcasecmp(cups_expiredroot
, "on") ||
791 !_cups_strcasecmp(cups_expiredroot
, "true");
793 if (cups_expiredcerts
)
794 cg
->expired_certs
= !_cups_strcasecmp(cups_expiredcerts
, "yes") ||
795 !_cups_strcasecmp(cups_expiredcerts
, "on") ||
796 !_cups_strcasecmp(cups_expiredcerts
, "true");
801 * End of "$Id: usersys.c 8498 2009-04-13 17:03:15Z mike $".